Europe’s new General Data Protection Regulation is seen by experts as the world’s most aggressive set of internet privacy rules. It is expected to come into force on May 25, and it will give more than 500 million people living in the European Union the right to keep companies from collecting personal data, or to have it deleted. Regulators like Ms. Dixon will be able to fine companies up to 4 percent of global revenue — equivalent to about $1.6 billion for Facebook.
The privacy law highlights broader skepticism of Silicon Valley in Europe, where regulators have punished companies for violating tax and antitrust laws, not doing enough to stop the spread of hate speech and misinformation online, and intrusively gobbling up data on consumers.
Ireland in particular is taking center stage in the wide-ranging battle. The country is the European headquarters for data-hungry companies including Airbnb, Apple, Facebook, Google, Twitter and Microsoft, which owns LinkedIn.
If companies do not comply with the law, Ms. Dixon said, “they will suffer consequences.”
But for all the tough talk, the reality is that her agency subsists on an annual budget of 7.5 million euros, equivalent to $9 million. That’s roughly as much revenue as the companies she oversees generate over all in 10 minutes. Facebook, which also owns WhatsApp and Instagram, has hundreds of people globally working on data protection regulation alone, including lawyers and privacy experts hired in Dublin.
The data protection office was once an afterthought. During an effort by the Irish government to move less-critical agencies out of Dublin, it was relocated in 2006 to Portarlington, a town of 8,368 people 50 miles to the west. Its power was so limited that it could not publicize investigations.